Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
| Link | Tags |
|---|---|
| http://www.greymagic.com/security/advisories/gm008-op/ | vendor advisory broken link exploit |
| http://secunia.com/advisories/12233 | patch vendor advisory broken link third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16904 | third party advisory vdb entry |
| http://www.opera.com/docs/changelogs/windows/754/ | patch broken link |
| http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml | patch vendor advisory third party advisory |
| http://www.securityfocus.com/bid/10873 | patch vdb entry broken link third party advisory |
| http://osvdb.org/8331 | vdb entry broken link |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html | broken link mailing list |